Security News for the Week Ending September 8, 2023
Want a .US Domain? Just Lie About It.
The .US top level domains are a hotbed for phishing attacks. Apparently, this is due to lax oversight. In theory, the .US is managed by the US government, but the government outsources that to GoDaddy – who doesn’t have a stellar cybersecurity reputation to be polite. See here and here, for example. When asked about verifying that buyers are US citizens, GoDaddy said that buyers have to check a box on their website saying that they are US citizens. Maybe GoDaddy needs to re-evaluate or the Department of Commerce, who contracted out to them, needs to re-evaluate. Credit: Brian Krebs
Well, This Qualifies as Super Embarrassing
Toyota was forced to halt production in 12 of its 14 Japan-based manufacturing facilities in late August for several days at a cost of 13,000 cars not made, per day. What sort of ransomware caused this? None. It was caused by a lack of disk space during a system maintenance period which caused a cascading failure, bringing production to a halt. In addition, their DR plan was completely faulty, stopping them from being able to come up on their DR site. This is not that uncommon, but if you need help avoiding situations like this, please contact us. Credit: Bleeping Computer
Bad Week for Crypto Scammers; Good One for The Rest of Us
The courts sentenced Thodex’s crypto scammer ($2 billion) CEO and his brother and sister to 11,196 years in prison. And no, that is not a typo. Should keep them under control. Also a fourth FTX exe pleads guilty and agrees to forfeit $1.5 BILLION. That can’t be good for Bankman-Fried having that many execs testifying against him. Credit: Coindesk and CNN
CISA Says They Are Wrapping Up Cyber Incident Reporting Guide Ahead of Schedule
Last year’s spending bill requires critical infrastructure to report cyber incidents. Congress gave them two years to publish an interim rule; they are going to do it in about a year. Stay tuned for what is in it. Credit: The Record
Is That Encrypted App Really Secure?
If you are going to be a crook and protect your communications via an encrypted app, make sure that the app is actually secure. Europol has taken down three encrypted apps used by crooks – EncroChat, SkyECC and ANOM and they say that has given them “unprecedented insight” into the ways of the underworld. This time they arrested 6, seized 2.7 TONS of coke, watches and about a half mil in cash. Not bad for a day’s work. Credit: The Register